Hello,
While copying a file NTFS security is not applied to destination file.
Would you please suggest any reference code (or can you please point me to correct direction i.e. link, articles etc) to apply NTFS security to destination folder.

It's necessary to implement optional OnGetSecurity and OnSetSecurity callbacks to achieve it. There is no any samples now where it's done but we are going to add it in future.
The idea is the following - the SECURITY_DESCRIPTOR data should be associated with files (for example in SDDL format). For details about this structure see MSDN.

As per your suggestion, I reviewed SECURITY_DESCRIPTOR data in SSDL
format, for example I have string security descriptor of file
C:\1\temp.txt. Now I have copied that to Z:\, but in GetFileSecurity
method I need to add file path of temp.txt, but as I have string SSDL
format of security descriptor and do not want to use GetFileSecurity,
can you please suggest me any other method for viewing the security
information of Z:\temp.txt using string security descriptor not by path of C:\1\temp.txt

You should not "view" security descriptor. What you need to do is:
1) In OnSetFileSecurity take the security descriptor block and store it somewhere, for example where your file is stored.
2) In OnGetFileSecurity your return this security descriptor block to the OS
3) In OnOpen or OnCreate request you check the security descriptor, i.e. whether the calling process is allowed to access the file in requested mode. Unfortunately the OS doesn't perform such checks itself. Please do the search in this forum for OnGetFileSecurity, Vladimir described checking procedure here before.
4) Be sure to set CallAllOpenCloseCallbacks to true, if you perform security checks.

Actually I want to see security tab, which I am not able to see when I use string security descriptor. When I tried to view security tab it gives me error like "Security is unavailable or not have permissions". I have attached exact error message here.
I will check OnGetFileSecurity procedure in forums.

You return whatever was set in OnSetFileSecurity. I guess that if this information is not available, you need to create and return security descriptor of the parent object OR default security descriptor that you would create yourself and that will provide all access rights.

I have already return string security descriptor (string security descriptor in SSDL format using ConvertStringSecurityDescriptorToSecurityDescriptor API) but still having same issue when I click on Security tab of a file. The error is shown in above post.

The OnGetFileSecurity callback asks to return security descriptor as SECURITY_DESCRIPTOR structure in the self-relative format (i.e. all the security descriptor's information must be stored in a contiguous block of memory).
Do you convert the SDDL string into the SECURITY_DESCRIPTOR structure before you return data from the OnGetFileSecurity callback?
BTW try to return from this callback something that is definitely correct (just for test). For example get the security information from a NTFS file by means of the system GetFileSecurity API.

Let you explain my problem, I have string security descriptor in SSDL format of a file say C:\1\temp.txt (i.e. O:BAG:S-1-5-21-2050085053-1656512420-3026380890-513D:AI(A;ID;FA;;;AU)(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;FA;;;BU) I got this by using ConvertSDToStringSD method.)

Now I want to see security information of a file Z:\temp.txt file, so I clicked on security tab on a file. Here I do not want to use GetFileSecurity API because it uses mRootPath + FileInfo.FileName (As it is not working with Z:\temp.txt). As I have string security descriptor in SSDL format, I can get security descriptor by using ConvertStringSecurityDescriptorToSecurityDescriptor API to get IntPtr SecurityDescriptor.

I observed that Length and LengthNeeded are getting the valid lengths like GetFileSecurity API, but IntPtr SecurityDescriptor is not same as SecurityDescriptor parameter so I think due to this security tab doesn't allow to show security Information.

Please suuggest me how to convert SDDL string into the SECURITY_DESCRIPTOR structure to return that from OnGetFileSecurity.

When I use GetFileSecurity method by passing parameter mRootPath + FileInfo.FileName, security information shows valid information, but instead of that I want to use SDDL string.

ConvertStringSecurityDescriptorToSecurityDescriptor itself allocates a memory chunk for the SECURITY_DESCRIPTOR structure and returns a pointer to it via the SecurityDescriptor parameter. It's then necessary to copy this data to the location specified by the IntPtr SecurityDescriptor parameter (but don't forget to check if there is enough memory there).
Do something like this:

We use cookies to help provide you with the best possible online experience. By using this site, you agree that we may store and access cookies on your device. You can find out more about and set your own preferences here.